ThreatFox IOC Database
You are viewing the ThreatFox database entry for ip:port 78.155.221.67:8078.
Database Entry
| IOC ID: | 1770997 |
|---|---|
| IOC: | 78.155.221.67:8078 |
| IOC Type : | ip:port |
| Threat Type : | botnet_cc |
| Malware: | Cobalt Strike |
| Malware alias: | Agentemis, BEACON, CobaltStrike, cobeacon |
| Confidence Level : | Confidence level is moderate (50%) |
| Is compromised? : | False |
| ASN: | AS49505 SELECTEL |
| Country: | RU |
| First seen: | 2026-03-18 18:00:05 UTC |
| Last seen: | never |
| UUID: | f6430f58-22f1-11f1-9af6-42010aa4000a |
| Reporter | |
| Reward: | 10 credits from anonymous |
| Tags: | Cobalt Strike |
whoamix302
Cobalt Strike Beacon
HTTP/1.1 404 Not Found
Date: Wed, 18 Mar 2026 15:59:05 GMT
Content-Type: text/plain
Content-Length: 0
Cobalt Strike Beacon:
x86:
beacon_type: HTTP
dns-beacon.strategy_fail_seconds: -1
dns-beacon.strategy_fail_x: -1
dns-beacon.strategy_rotate_seconds: -1
http-get.client:
Cookie
http-get.uri: 178.132.200.12,/updates.rss
http-get.verb: GET
http-post.client:
Content-Type: application/octet-stream
id
http-post.uri: /submit.php
http-post.verb: POST
maxgetsize: 1048576
port: 8078
post-ex.spawnto_x64: %windir%\sysnative\rundll32.exe
post-ex.spawnto_x86: %windir%\syswow64\rundll32.exe
process-inject.execute:
CreateThread
SetThreadContext
CreateRemoteThread
RtlCreateUserThread
process-inject.startrwx: 64
process-inject.stub: e43a1b63f09794f74d90a9889f7acb77
process-inject.userwx: 64
proxy.behavior: 2 (Use IE settings)
server.publickey_md5: 773b84e27156517bad780572bf8378cc
sleeptime: 60000
useragent_header: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;PTBR)
uses_cookies: 1
watermark: 987654321
x64:
beacon_type: HTTP
dns-beacon.strategy_fail_seconds: -1
dns-beacon.strategy_fail_x: -1
dns-beacon.strategy_rotate_seconds: -1
http-get.client:
Cookie
http-get.uri: 178.132.200.12,/ca
http-get.verb: GET
http-post.client:
Content-Type: application/octet-stream
id
http-post.uri: /submit.php
http-post.verb: POST
maxgetsize: 1048576
port: 8078
post-ex.spawnto_x64: %windir%\sysnative\rundll32.exe
post-ex.spawnto_x86: %windir%\syswow64\rundll32.exe
process-inject.execute:
CreateThread
SetThreadContext
CreateRemoteThread
RtlCreateUserThread
process-inject.startrwx: 64
process-inject.stub: e43a1b63f09794f74d90a9889f7acb77
process-inject.userwx: 64
proxy.behavior: 2 (Use IE settings)
server.publickey_md5: 773b84e27156517bad780572bf8378cc
sleeptime: 60000
useragent_header: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322)
uses_cookies: 1
watermark: 987654321